Re: Possible SPAM mitigation trick

  • mouss
    Message 1 of 14 , Nov 22, 2005
      Covington, Chris wrote:
      > Guys,
      >
      > This is what I've set up:
      >
      > fauxmx01.plusone.com MX 10 (fake MX, non-responding <network> IP)
      > nymeta01.plusone.com MX 20 (real MX)
      > nymeta02.plusone.com MX 20 (real MX)
      > fauxmx02.plusone.com MX 30 (fake MX, non-responding <broadcast> IP)
      >
      > This will slow down the "sneak in through the presumably
      > less-restrictive, lower-priority MX" as well as the "go
      > straight to the highest-priority MX" direct-to-MXers. And
      > it uses no IPs, if you use your network and broadcast IPs.
      > I wonder if this can be used in place of greylisting...

      no, this is different than GL:

      here, every host (legit or not) will try MX1, then if compliant, will
      try MX2. legit systems are thus somewhat penalized.

      In GL, once a host has been "automatically whitelisted", it is no more
      deferred.


      Also here, a spamware that tries second MX won't be blocked. while in GL
      it will be deferred.

      so the approaches may be used together. I personally don't feel playing
      these MX games.
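
The comparison made in this message, worked through as an added example (not code from the thread or from any mail server). The MX layout is the one quoted above; the client strategy names, the three-message run and the single sender/recipient triplet are assumptions of this model.

```python
# Constructed model of the quoted MX layout: (preference, host, answers_smtp)
MX_RECORDS = [
    (10, "fauxmx01.plusone.com", False),   # fake MX, never answers
    (20, "nymeta01.plusone.com", True),    # real MX
    (20, "nymeta02.plusone.com", True),    # real MX
    (30, "fauxmx02.plusone.com", False),   # fake MX, never answers
]

def targets(order):
    """Hosts a client will attempt, in order, for a hypothetical strategy."""
    hosts = sorted(MX_RECORDS)             # ascending preference value
    if order == "rfc":                     # compliant: walk the list, fall back
        return hosts
    if order == "first_only":              # lowest value only, no fallback
        return hosts[:1]
    if order == "last_only":               # highest value only, no fallback
        return hosts[-1:]
    if order == "second_only":             # skips the primary, tries the next MX
        return hosts[1:2]
    raise ValueError(order)

def fake_mx(order, messages=3):
    """Return (delivered, connect_timeouts) under the fake-MX layout."""
    delivered = timeouts = 0
    for _ in range(messages):
        for _pref, _host, answers in targets(order):
            if answers:
                delivered += 1
                break
            timeouts += 1                  # paid again on every message
    return delivered, timeouts

def greylisting(retries, messages=3):
    """Return (delivered, deferrals) for one triplet on a single real MX."""
    delivered = deferrals = 0
    whitelisted = False
    for _ in range(messages):
        if not whitelisted:
            deferrals += 1                 # 4xx on first contact
            if not retries:
                continue                   # client that never retries gives up
            whitelisted = True             # retry accepted, triplet remembered
        delivered += 1
    return delivered, deferrals

if __name__ == "__main__":
    for order in ("rfc", "first_only", "last_only", "second_only"):
        print("fake MX ", order, fake_mx(order))
    for retries in (True, False):
        print("greylist retries=%s" % retries, greylisting(retries))
```
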
    • Covington, Chris
      Message 2 of 14 , Nov 23, 2005
        On Wed, Nov 23, 2005 at 02:23:39AM +0100, mouss wrote:
        > no, this is different than GL:
        >
        > here, every host (legit or not) will try MX1, then if compliant, will
        > try MX2. legit systems are thus somewhat penalized.
        >
        > In GL, once a host has been "automatically whitelisted", it is no more
        > deferred.
        >
        >
        > Also here, a spamware that tries second MX won't be blocked. while in GL
        > it will be deferred.

        The theory behind GLing is that direct-to-MX clients won't retry, so if
        they time out at the primary MX or at the lowest-value MX that might be
        just as effective as tempfailing them.

        ---
        Chris Covington
        IT
        Plus One Health Management
        75 Maiden Lane Suite 801
        NY, NY 10038
        646-312-6269
        http://www.plusoneactive.com
      • Jorey Bump
        Message 3 of 14 , Nov 23, 2005
          Covington, Chris wrote:
          > On Wed, Nov 23, 2005 at 02:23:39AM +0100, mouss wrote:
          >
          >>Also here, a spamware that tries second MX won't be blocked. while in GL
          >>it will be deferred.
          >
          > The theory behind GLing is that direct-to-MX clients won't retry, so if
          > they time out at the primary MX or at the lowest-value MX that might be
          > just as effective as tempfailing them.

          It's important to note that both methods exploit the lack of
          RFC-compliant behavior common to malware, albeit using completely
          different approaches. Furthermore, they attempt to do it in an
          RFC-compliant way.

          This is a stated weakness of both methods, because it is possible that
          malware authors will adapt. But, it's arguable that this adaptation
          offers benefits in the long run. If malware writers feel it's worth it
          to obey the RFCs, maybe others will follow suit.

          By gradually becoming a little less liberal in what we accept, the
          pressure will come to bear on administrators and software developers who
          unleash misbehaving mail systems on the rest of the world.
        • Xavier Beaudouin
          Message 4 of 14 , Nov 23, 2005
            [...]

            > By gradually becoming a little less liberal in what we accept, the
            > pressure will come to bear on administrators and software developers who
            > unleash misbehaving mail systems on the rest of the world.

            Problem is that most low end "users"/mail administrators that handle only 3
            or 4 mailboxes are mostly ignorant of the deal and the responsibility
            about mail servers.

            Also most of them are really aggressive when someone tells them that his
            server is badly configured and doesn't suit standards....

            This is bad... but I had to reduce my spam filter for customers that
            wanted their mails whatever it is spam or not...

            I've got chance that postfix allow me to add several policies to avoid
            being spammed :p

            /Xavier

            --
            When you keep trying, you eventually succeed. So, the more it
            fails, the more chance there is that it works...
            (Shadok proverb)
          • Mark Nernberg
            Message 5 of 14 , Nov 23, 2005
              On 11/23/05 12:20 PM, "Xavier Beaudouin" <kiwi@...> wrote:

              >
              > [...]
              >
              >> By gradually becoming a little less liberal in what we accept, the
              >> pressure will come to bear on administrators and software developers who
              >> unleash misbehaving mail systems on the rest of the world.
              >
              > Problem is that most low end "users"/mail administrators that handle only 3
              > or 4 mailboxes are mostly ignorant of the deal and the responsibility
              > about mail servers.
              >

              "most" is an understatement.

              > Also most of them are really aggressive when someone tells them that his
              > server is badly configured and doesn't suit standards....

              How true.
              >
              > This is bad... but I had to reduce my spam filter for customers that
              > wanted their mails whatever it is spam or not...

              Instead, I've taken a different approach. I allow my customers to have ALL
              of my spam filtering, or NONE of my spam filtering. Nothing in between. I
              explain to them that the problem is when sending servers are non-compliant
              with the rules. I inform the sending server administrators that we are
              blocking their mail. The admins don't really give a shit.

              But when my customers start bothering the other admins' users, and those
              users start buggering the non-compliant admin, things seem to get done.


              --
              Mark J. Nernberg
              Director of Technology
              (412)478-6262

              http://www.downtownhelpdesk.com/

              Customer Support: support@...

              Have you tried our on-demand remote support services?

              Downtown Help Desk and 1-Fast Computer Service, providing quality technology
              solutions to the small business since 2003.